Erman Arslan's Oracle Forum Database
Login  Register

TNS Poisoning Atack

classic Classic list List threaded Threaded
4 messages Options Options
 
Embed post
Permalink
manjini
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Sep 28, 2018; 12:41pm

TNS Poisoning Atack

manjini
3 posts
Hello Erman,

We have to find workaround for TNS poisoning without 12.2c upgrade , can you lead me to rigth document for 11.2.0.3 and 11.2.0.4 non rac  database.
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Sep 28, 2018; 12:56pm

Re: TNS Poisoning Atack

ErmanArslansOracleBlog
Administrator
5732 posts
Hi,

You mean CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as "TNS Listener Poison Attack" affecting the Oracle Database Server.

Yes, I can lead you..

Did you check  my related posts?

https://ermanarslan.blogspot.com/2014/07/ebs-122-rdbms-listener-poisoning-oracle.html

https://ermanarslan.blogspot.com/2017/03/vncr-valid-node-checking-for.html
manjini
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Oct 05, 2018; 8:31am

Re: TNS Poisoning Atack

manjini
3 posts
Thank you for help Erman,

What I did was;

for 11.2.0.3 databases I applied patch and vulnerability fixed.
for 11.2.0.4 databases I added a parameter to listener.ora which is "SECURE_REGISTER_LISTENER = (TCP)" and vulnerability fixed.
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
| More
Print post
Permalink
Oct 05, 2018; 8:45am

Re: TNS Poisoning Atack

ErmanArslansOracleBlog
Administrator
5732 posts
Good then.
Free forum by Nabble Edit this page